What is claimed is: 

1 . A method for controlling access to a network by a wireless client, the 
method comprising: assigning a network address to the wireless client, wherein the 
network address has a lease period; sending the assigned network address to the 
wireless client; sending the address of a wireless access point to the wireless client, 
wherein the wireless access point is adapted to provide access to the network for the 
wireless client; and, if the wireless client fails to establish a secure link with the 
wireless access point and request a renewal of the assigned address via the secure link 
within the lease period, invalidating the assigned network address, thereby preventing 
the wireless client from accessing the network. 

2. The method of claim 1, wherein the assigned network address and the 
wireless access point address are sent to the wireless client in a DHCP offer packet. 

3. The method of claim 1 , wherein the secure link is an IPSEC tunnel. 

4. The method of claim 1, wherein the assigned network address is sent to 
the wireless client via the wireless access point. 

5. The method of claim 1, wherein the address of the wireless access point 
that is sent to the wireless client comprises an IP address and a MAC address. 



6. A computer-readable medium having stored thereon computer- 
executable instructions for performing the method of claim 1. 

7. A computer-readable medium having stored thereon computer- 
executable instructions for performing the method of claim 2. 

8. A computer-readable medium having stored thereon computer- 
executable instructions for performing the method of claim 3 . 

9. A method for controlling access to a network by a wireless client, the 
wireless client using a network address having a lease period to communicate with the 
network, the method comprising: engaging in a negotiation of a secure link with the 
wireless client; communicating with an address server of the network to determine 
whether the lease period of the leased network address has expired; and, if the lease 
period is determined to be expired, terminating the negotiation, thereby preventing the 
wireless client from accessing the network. 

10. The method of claim 9, wherein the negotiation is a negotiation of an 
IPSEC tunnel. 



1 1 . The method of claim 9, wherein the address server is a DHCP server. 



12. A method for controlling access to a network by a wireless client, the 
method comprising: receiving a request for a network address from the wireless 
client; attaching information to the request to indicate that the request originated from 
a wireless client; relaying the request to the address server; receiving an assignment 
of an address from the address server, the address having a lease time; relaying the 
assignment to the wireless client; negotiating the establishment of a secure link with 
the wireless client; and, if the lease time expires before the secure link is established, 
denying the wireless client access to the network. 

13. The method of claim 12, further comprising: broadcasting an ARP 
packet to check whether there are any other clients having the same IP address of the 
wireless client; and, if a response to the ARP packet is received, terminating the 
negotiation, thereby denying the wireless client access to the network. 

14. The method of claim 12, further comprising: in response to the 
negotiation, creating an ARP entry that maps the the IP address of the wireless client 
to the MAC address of the wireless client. 

15. The method of claim 12, wherein the request is a DHCP discover 
packet, the method further comprising: inserting data into an optional field of the 
packet to indicate that the packet was received from a wireless client; and relaying the 
packet to the address server. 



16. The method of claim 12, further comprising: receiving a renewal 
request packet having a request for a renewal of the lease time from the wireless 
client; if the secure link is successfully negotiated with the wireless client, inserting 
data into an optional field of the renewal request packet to indicate that the renewal 
request packet was received from a wireless client; and relaying the renewal request 
packet to the address server. 

1 7. A computer-readable medium having stored thereon computer- 
executable instructions for performing the method of claim 9. 

18. A computer-readable medium having stored thereon computer- 
executable instructions for performing the method of claim 10. 

19. A computer-readable medium having stored thereon computer- 
executable instructions for performing the method of claim 12. 

20. A computer-readable medium having stored thereon computer- 
executable instructions for performing the method of claim 13. 

21. On a wireless client, a method for gaining access to a network, the 
method comprising: broadcasting a request for an address on the network; receiving 
an assignment of a leased address from the network, the leased address having a lease 
time; and negotiating a secure link with the network before the lease time expires. 



22. The method of claim 21, wherein the request for an address is broadcast 
as a DHCP discover packet. 

23 . The method of claim 2 1 , wherein the secure link is an IPSEC tunnel. 

24. The method of claim 2 1 , wherein the negotiating step further > 
comprises: generating an ARP packet having the network address given by the 
DHCP server as its destination address; and, in response to the ARP generation, 
initiating a negotiation of a secure link with the network. 

25.. The method of claim 2 1 , wherein the leased address is received in a 
packet, wherein the packet additionally contains the network and MAC address of a 
wireless access point, wherein the secure link is negotiated with the wireless access 
point corresponding to the network address. 

26. . A computer-readable medium having stored thereon computer- 
executable instructions for performing the method of claim 21. 

27. A computer-readable medium having stored thereon computer- 
executable instructions for performing the method of claim 22. 



28. A computer-readable medium having stored thereon computer- 
executable instructions for performing the method of claim 23. 

29. A computer-readable medium having stored thereon computer- 
executable instructions for performing the method of claim 24. 



30. A computer-readable medium having stored thereon computer- 
executable instructions for performing the method of claim 25. 



